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IN THE CLAIMS 

1 . (Currently Amended) A server comprising: 

a communications module operable to receive a dual communication packet from a 
client over a first channel, the dual communication packet including a header having a client 
external EP address and a data payload having an [[encoded]] encrypted port command 
having a client intemal IP address and a client data port number; 

a codec operable to [[decode]] decrypt the port command; 

a translation module operable to retrieve the client extemal IP address from the header 
and to generate a modified port command including the extemal IP address; and 

the server operable to establish a second channel based on the modified port 
command. 

2. : (Original) The server of Claim 1, fiarther comprising a packet filtering server 
firewall, i ^ 

i 

t t 

3. ' (Previously Presented) The server of Claim 2, further comprising a network 
address translator associated with the server firewall, the network address translator operable 
to include a static network address translation entry for each of the client and the server. 

4. (Original) The server of Claim 1, fiirther comprising a file transfer protocol 
(FTP) communication module wherein the communication session between the server and the 
client over the second channel is conducted in secure FTP. 

5. (Currently Amended) The server of Claim 1, wherein the codec is operable 
to [[decode]] decrypt based on secure socket layer (SSL) encryption technology. 
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6. (Currently Amended) A client, comprising: 

a communications module operable to receive a communication packet from a server 
over a first channel, the communication packet including a header having a server external IP 
address and a data payload having an [[encoded]] encrypted port command having a server 
internal EP address and a server data port number; 

a codec operable to [[decode]] decrypt the port command; 

a translation module operable to retrieve the server external IP address from the 
header and to generate a modified port command including the external IP address; and 

the server operable to establish a second channel based on the modified port 
command. 

7. (Original) The client of Claim 6, fiirther comprising a packet filtering client 
firewall. 

8. (Previously Presented) The client of Claim 7, further comprising a network 
address translator associated with the client firewall, the network address translator operable 
to include a static network address translation entry for each of the client and the server. 

9. (Previously Presented) The client of Claim 6, further comprising a file 
transfer protocol (FTP) communication module wherein a communication session between 
the server and the client over the second channel is conducted in secure FTP. 

10. (Currently Amended) The client of Claim 6, wherein the codec is operable to 
[[decode]] decrypt based on secure socket layer (SSL) encryption technology. 
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11. (Currently Amended) A method for establishing a data socket between first 
and second peers, comprising: 

receiving an IP Packet fi-om the first peer, the IP packet including a header and a port 
command; 

the header including a first peer IP address and the port command including an 
[[encoded]] encrypted second peer IP address; 

decoding the [[encoded]] encrypted second peer IP address; 
retrieving the first peer IP address firom the header; 

generating a modified port command including the first peer address in place of the 
second peer IP address; and 

using the modified port command to establish a data socket between the first and 
second peers. 

12. (Currently Amended) A method for establishing a transient channel over a 
non-transient channel, comprising: 

receiving an IP packet over the non-transient channel, the IP packet including a 
header and a port command; 

the header including a first peer IP address and the port command including an 
[[encoded]] encrypted second peer IP address; 

decoding the [[encoded]] encrypted second peer IP address; 

retrieving the first peer IP address fi-om the header; 

generating a modified port command including the first peer IP address in place of the 
second peer IP address; and 

using the modified port command to establish the transient charmel between a server 
and a client. 



DALX)1:838933,1 



ATTORNEY DOCKET NO. PATENT APPLICATION 

021768.1091 Serial No. 09/655,256 



13. (Currently Amended) A computer readable medium encoded with a 
computer program operable to: 

receive an IP packet from a first peer, the IP packet including a header and a port 
command; 

the header including a first peer IP address and the port command including an 
[[encoded]] encrypted second peer IP address; 

[[decode]] decrypt the [[encoded]] encrypted second peer IP address; 
retrieve the first peer IP address from the header; 

generate a modified port command including the first peer IP address in place of the 
second peer IP address; 

establish a data socket between the first peer and a second peer using the modified 
port command. 

14. (Currently Amended) i A method for establishing a data socket between a 
server and a client, comprising: 

encoding a port command including a client internal IP address and a client port 
number; 

generating a dual channel communication packet having a header and a data payload, 
the header including a server extemal IP address, server port niraiber, the client internal IP 
address and the client port number; 

the data payload including the [[encoded]] encrypted port command; 

transmitting the communication packet between the server and the client; 

decoding the port command; 

retrieving a client extemal IP address from the header; 

modifying the [[decoded]] decrypted port command by overriding the client internal 
IP address within the [[decoded]] decrypted port command with the client extemal IP 
address retrieved from the header; and 

establishing a data socket between the server and the client using the modified 
[[decoded]] decrypted port command. 
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15. (Original) The method of Claim 14, further comprising readdressing the 
client intemal IP address within the header with the client external IP address, at a client 
firewall. 

16. (Previously Presented) The method of Claim 14, further comprising 
readdressing the server external IP address within the header with a server intemal IP address 
at a server firewall. 

17. (Currently Amended) A method for establishing a data socket between a 
server and a client, comprising: 

transmitting a passive command to the server; 

encoding a port command including a server private IP address and a server port 
number; 

creating a dual channel communication packet having a header and a data payload, the 
header including a client external IP address, client port number, a server intemal IP address 
and the server port number; 

the data payload including the [[encoded]] encrypted port command; 

transmitting the communication packet to the client; 

decoding the port command; 

retrieving a server external IP address from the header; 

modifying the [[decoded]] decrypted port command by overriding the server intemal 
IP address within the [[decoded]] decrypted port command with the server external IP 
address retrieved from the header; and 

establishing a data socket between the server and the client using the modified 
[[decoded]] decrypted port command. 

18. (Previously Presented) The method of Claim 17, further comprising 
readdressing the server intemal IP address within the header with the server external IP 
address at a server firewall. 
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19. (Previously Presented) The method of Claim 17, further comprising 
readdressing the client external IP address in the header with a client internal IP address, at a 
client firewall. 

20. (Currently Amended) A method for transferring information over an external 
network, comprising: 

establishing a control channel between a server and a client; 

identifying a first end point at a first one of the server and the client, the first end 
point including a first portion and a second portion; 

encoding the first end point in a secure format; 

encapsulating the [[encoded]] encrypted first end point in a transmission packet 
including an address header having the private address of the first end point; 

translating the private address in the address header into a public address for 
transmitting over the external network; 

transmitting the transmission packet over the extemal network in the control channel; 

receiving the transmission packet at the other one of the client and the server; 

decoding the first end point; and 

modifying the end point by replacing the first portion in the [[decoded]] decrypted 
end point with the public address in the address header, and establishing a data channel 
between the client and the server using the modified end point. 

21. (Previously Presented) An electronic [[A]] signal for establishing a dual 
channel conununication between remote nodes, the electronic signal embodied at least 
temporarily in computer-readable media and comprising: 

a modified dual channel command for establishing a transient data channel between 
remote nodes; and 

the modified dual channel command including a public IP address of a peer node 
copied fi*om an IP header of a packet transmitting the dual channel command. 
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